CVE-2026-47318
Stack-based Buffer Overflow in Samsung rlottie
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Samsung TV & Appliance
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | rlottie | up to ce72b35a7ad0dded03051d3aa0ef75321c3bd035 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the Samsung Open Source rlottie library. It occurs in the function gray_render_cubic when processing certain cubic curves. Specifically, the function uses an array as an arc stack and advances a pointer by 3 on each split. When the pointer reaches a certain offset, a write operation exceeds the array boundary, causing a stack overflow. This can be triggered by a malicious Lottie file containing an incorrect cubic curve.
How can this vulnerability impact me?
The stack-based buffer overflow can lead to a denial of service or potentially allow an attacker to execute arbitrary code. Since the vulnerability is triggered by processing a malicious Lottie file, an attacker could exploit this by providing crafted files to applications using the rlottie library, causing crashes or other unintended behavior.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by a malicious Lottie file containing an incorrect cubic curve that causes a stack-based buffer overflow in the rlottie library. Detection would involve identifying such malicious Lottie files or monitoring the behavior of the rlottie library when processing these files.
Since the vulnerability occurs in the function gray_render_cubic within rlottie, one approach is to monitor or log any crashes or abnormal terminations of applications using rlottie when rendering Lottie files.
There are no specific commands provided in the available information to detect this vulnerability directly on your network or system.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the rlottie library to a version that includes the fix for this vulnerability. The fix was merged on May 12, 2026, and involves adding a bounds check before calling gray_split_cubic() to prevent the stack overflow.
Avoid processing untrusted or malicious Lottie files that could exploit this vulnerability until the update is applied.
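The arc-stack pattern and the kind of bounds check described above, as an added example that is not rlottie's code: a simplified C model of a cubic flattener that keeps its pending sub-curves on a fixed stack array. The names `flatten_cubic`, `split_cubic` and `is_flat`, the stack size and the flatness test are assumptions made for illustration.

```c
#include <stdlib.h>

/* Simplified model of an arc-stack curve flattener. Names, sizes and the
   flatness test are assumptions for illustration, not rlottie's source. */
#define MAX_DEPTH 16
#define STACK_PTS (MAX_DEPTH * 3 + 4)

typedef struct { long long x, y; } Pt;

static Pt mid(Pt a, Pt b) { Pt m = { (a.x + b.x) / 2, (a.y + b.y) / 2 }; return m; }

/* De Casteljau split: reads arc[0..3], writes both halves into arc[0..6]. */
static void split_cubic(Pt *arc) {
    Pt a = mid(arc[0], arc[1]), b = mid(arc[1], arc[2]), c = mid(arc[2], arc[3]);
    arc[6] = arc[3];
    arc[1] = a;
    arc[5] = c;
    arc[2] = mid(a, b);
    arc[4] = mid(b, c);
    arc[3] = mid(arc[2], arc[4]);
}

/* Flat when 3x the offset of each inner control point from the chord's
   one-third and two-thirds points is within tol. */
static int is_flat(const Pt *p, long long tol) {
    return llabs(2 * p[0].x - 3 * p[1].x + p[3].x) <= tol &&
           llabs(2 * p[0].y - 3 * p[1].y + p[3].y) <= tol &&
           llabs(p[0].x - 3 * p[2].x + 2 * p[3].x) <= tol &&
           llabs(p[0].y - 3 * p[2].y + 2 * p[3].y) <= tol;
}

/* Returns the number of line segments, or -1 when the curve would need more
   splits than the stack holds (the caller rejects or coarsely draws it). */
int flatten_cubic(const Pt ctrl[4], long long tol) {
    Pt stack[STACK_PTS];
    Pt *arc = stack, *last_splittable = stack + STACK_PTS - 7;
    int segs = 0;
    for (int i = 0; i < 4; i++) arc[i] = ctrl[i];
    for (;;) {
        if (!is_flat(arc, tol)) {
            /* The bounds check. split_cubic() writes up to arc[6]; without
               this test a curve that never flattens pushes arc past the end. */
            if (arc > last_splittable) return -1;
            split_cubic(arc);
            arc += 3;          /* work on the second half first */
            continue;
        }
        segs++;
        if (arc == stack) return segs;
        arc -= 3;              /* pop back to the pending first half */
    }
}
```

The check sits before the split because the split is the only operation that writes beyond `arc[3]`; testing the pointer after advancing it would be one write too late.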